SCCM Remove Computer from Collection after OSD

Benoit LecoursPowershell, SCCM1 Comment

This post is a step-by-step guide on how to remove computers from the collection after OSD. If you’re using specific collections for your OSD deployments you certainly know that the collections are not emptied automatically. After a couple of weeks, you’ll end up with a collection full of systems. The bad news is that there’s nothing built-in in the product, the good news is that our friend PowerShell can do this dirty job. To run the script : The imported module needs to be trusted The script must run in x86 mode The computer account must have proper permission (SCCM and DCOM) SCCM Remove Collection OSD – Permission You need to add your primary site computer account as a “Full Administrator” in SCCM You need to add the “System” account “Remote Access” right in DCOM permission Launch “dcomcnfg.exe” Navigate to Component Services / Computer / My Computers (Right-Click) / Properties … Read More

SCCM Console Access Denied problem

Benoit LecoursSCCMLeave a Comment

As an SCCM administrator, you use the SCCM console to access your primary site. Some of you may use the console locally on the SCCM server and some use the console on remote machines. Recently a customer ask for help because of an SCCM Console Access Denied problem. The SCCM console was working fine before and it was also working on another machine with the same user. I eventually found the solution and decided to document the whole troubleshooting process to fix SCCM Console Access Denied in this blog post. Step 1 – Troubleshooting on affected machine For any remote console troubleshooting issues, start with reading the SmsAdminUI.log file located on the client. This log file is located: C:\Program Files (x86)\Microsoft Endpoint Manager\AdminConsole\ AdminUILog In my example, you can see the error: Insufficient privilege to connect, error: Access is Denied. (Exception from HRRESULT: 0x80070005 (E_ACCESSDENIED)) Step 2- Understand the needed … Read More

SCCM CMPivot Query Examples

Benoit LecoursSCCM16 Comments

SCCM CMPivot has been introduced in SCCM 1806 and it’s making its way to being a pretty useful addition. If you are not familiar with this new feature, you can read about it in our previous post which describes how to use it. The goal of this post is to give you a list of SCCM CMPivot Query Examples. From there you can get creative to create more complex CMPivot queries. When we began using CMPivot, we were a bit lost. We are pretty comfortable with various programming languages but CMPivot uses the Kusto Query language. data flow model for the tabular expression statement which was new for us. The official Microsoft documentation states : The typical structure of a tabular expression statement is a composition of client entities and tabular data operators (such as filters and projections). The composition is represented by the pipe character (|), giving the statement a … Read More

SCCM Office 2021 Deployment guide

Benoit LecoursSCCMLeave a Comment

This blog post will describe how to Deploy Office 2021 using SCCM (using Click-to-run version). Beginning in Office 2019, Office client applications will no longer be available in MSI format. You can download an ISO on your volume licensing download center or use the Office Deployment Tool. We suggest using the Office deployment tool to have the latest available version. If you’re still confused about the differences between Office 2021 vs Office 365: Office 365 is a subscription that comes with premium apps like Word, Excel, PowerPoint, OneNote, Outlook, Publisher, and Access (Publisher and Access available on PC only). The apps can be installed on multiple devices, including PCs, Macs, iPads, iPhones, Android tablets, and Android phones. With a subscription, you get the latest versions of the apps and automatically receive updates when they happen. Office 2021 is a one-time purchase that comes with classic apps like Word, Excel, and PowerPoint for … Read More

Import Windows Devices for AutoPilot in Microsoft Endpoint Manager

Benoit LecoursIntune13 Comments

Windows Autopilot is a solution designed that allows you to set up and pre-configure Windows devices for your environment using Azure and Endpoint Manager. The goal of Autopilot is to reduce the OS deployment complexity. If done correctly, a user logs to an out-of-box computer, logs on his computer with his ADD user account, and applications and configurations get deployed. All that with minimum infrastructure requirements. If you are new to Autopilot, we have a post that describes every step you need to do to get started. Autopilot has its flaws but it’s improving very fast. One of those flaws was that device importation was made from the Windows Store for Business or the Microsoft Partner Center. Those days are over since you can now import your device directly from Endpoint Manager. Endpoint Manager Autopilot device import Launch Endpoint Manager Select Device / Enroll Devices / Windows enrollment In the Windows Autopilot … Read More

How to use SCCM Content Library Cleanup Tool

Benoit LecoursSCCM20 Comments

Starting with SCCM 1702, a new command line tool is available to remove content that is no longer associated with any package or application from a distribution point. The SCCM Content library cleanup tool (ContentLibraryCleanup.exe) can help you save up valuable space in a specific distribution point content library. The tool will delete content from the library based on the specified distribution point when the tool is run. SCCM Content Library Cleanup Tool Requirements You can run the content library cleanup tool directly on the computer that hosts the distribution point or remotely from another server You can run the tool from a single distribution point at a time You will need to have Full Administrator RBAC Role and the “All” Security scope in the Configuration Manager hierarchy Running the Tool You can find ContentLibraryCleanup.exe in the SCCMInstallationDir\cd.latest\SMSSETUP\TOOLS\ContentLibraryCleanup\ folder on the primary site or central administration site. You can run the tool … Read More

How to Manage SCCM IIS Log Files

Benoit LecoursSCCM3 Comments

After a couple of weeks of running an SCCM server, you may get the C:\ drive full. What are the best practices to save disk space on an SCCM server? The first thing we check is how much space is filled by SCCM IIS log files. Usually, it takes a couple of GB on the drive. It’s an absolute must to implement solutions to delete SCCM IIS logs files from your primary server. The SCCM IIS logs files are usually in C:\Inetpub\Logs\LogFiles and are increasing at a rapid pace. In my lab environment with 50 clients, it’s growing at about 1MB per day. Not much… but on an SCCM site, I’m actually managing with a couple of thousand clients, it grows 150 MB a day. It could fill up a drive pretty quickly. There are numerous ways to manage SCCM IIS log files : Delete the logs manually or use a scheduled task Use … Read More

Deploy SCCM Wifi Profiles with Password to Windows 10 Devices

Benoit LecoursSCCM10 Comments

Introduced since SCCM 2012 R2, SCCM Wifi profiles are used to send Wifi configurations to clients. It can be useful if your company is not using certificates or any automated authentication methods. A smaller organization that uses a simple WPA2 setup can use SCCM Wifi profiles to send Wifi SSID and password so that the computers connect automatically to that network. You can also use Wifi profile to manage mobile devices with Intune but we won’t cover this scenario in this post. The major drawback of the SCCM Wifi Profile is that it’s impossible to enter the Wifi password using the console UI. (Even in the newest versions). We will show you how to deploy Wifi profiles on a Windows 10 or Windows 8.1 computer, including the Wifi password using an XML file. How to deploy SCCM Wifi Profiles with password to Windows 10 devices Since it’s not possible to enter a password in … Read More

Deploy Windows 11 using SCCM / MEMCM

Benoit LecoursSCCMLeave a Comment

Windows 11 has been released by Microsoft on October 5th, 2021. If you are planning to deploy and manage Windows 11 using SCCM or Configuration Manager, this post has you covered. Like any other Windows version, you need to do a couple of tasks before you can do an SCCM Windows 11 Deployment. In a previous blog post, we listed everything you need to know about SCCM and Windows 11. You can read the whole post but here’s the important part: SCCM is ready to support Windows 11 starting with SCCM version 2107. You need to run at least SCCM 2107 and your device needs specific requirements. Let’s get started to Deploy Windows 11 using SCCM / MEMCM ! Table of Content Prerequisites Check if you have an SCCM Supported version Upgrade your Windows ADK Download Windows 11 ISO Mount and extract the ISO file Import the Windows 11 WIM … Read More

How to use Microsoft Defender for Endpoint antivirus security with Intune

Jonathan LefebvreIntuneLeave a Comment

Microsoft Defender has come a long way since the first few releases to become a leader in all all-things security-related. What was originally a standard antivirus solution has evolved into a full product suite. If you are looking to configure Microsoft Defender(Endpoint protection) with Configuration Manager, see our guide that is available in our shop This post will focus on configuring Microsoft Defender for Endpoint Security Antivirus by using Intune. Prerequisites Windows 10 or Windows 11 Aside from the Intune various licensing option you’ll need to manage your devices, there are no other requirements to use this feature. Create Microsoft Defender for Endpoint antivirus security profiles Connect to the Endpoint portal Browse to Endpoint Security/ Antivirus Click Create Policy. At this point, the Antivirus policies are split into 3 distinct sections. Microsoft Defender Antivirus This will essentially manage the core features. Microsoft Defender Antivirus Exclusions This will be the various … Read More